Sandboxing Browsers & E-mail Applications Properly

Since most infections from malware come through browsers such as Chrome, Firefox, Internet Explorer, Safari, etc. and e-mail clients such as Outlook, Outlook Express, Thunderbird, Windows Mail, Windows Live Mail, etc., it makes perfect sense to me to have these run in the sandbox.

What would be the best way to add these to the sandbox to keep malware from infecting a computer through them, while still letting them operate correctly?

For example, Mozilla Firefox running on Windows 7 64-bit. I know you open CIS, go to Defense+, click RUN A PROGRAM IN THE SANDBOX, click BROWSE, and go to…

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

BUT, which RUN AS option is the best? UNTRUSTED, RESTRICTED, LIMITED, or PARTIALLY LIMITED?

If you are using a LUA/SUA, I would use Partially Limited. If not, you might try Limited, but you might have some trouble; for example, you will not be able to copy/paste.

The Manual Sandbox is one way to protect from exploits with stolen digital signatures. From what I have seen, Comodo first checks the whitelist, and if not in there, then the blacklist.

http://www.pcworld.com/businesscenter/article/251925/digitally_signed_malware_is_increasingly_prevalent_researchers_say.html

If you want something to always run in the sandbox, you can go to Defense+ → Computer Security Policy and add the program to the Always Sandbox list.

I added firefox.exe and thunderbird.exe using your steps as limited. I’ll see how it goes.

Firefox is running like ■■■■ on LIMITED :(

EDIT: The same with PARTIALLY LIMITED as well. Looks like sandboxing won’t work in regards to performance.

I use Opera and it runs very well in partially limited, even in limited.
From what I remember, FF does not run well in limited, but my family uses FF in partially limited without a problem.

I think you will have to wait for V.6 of CIS. It will greatly improve the virtualization process.

Or use Opera browser test builds for your email and surfing. The ultimate security by obscurity… 8)

This FAQ may help: Sandboxing browsers.

But I agree, the facilities in v6 may be better (rumour, not promise). :)